hydra | cf95fc04703d711dcdc8916535dc0a058966fcfa4ac758dc36699ae469bd90bb | Triage

Sharing

General

Target

cf95fc04703d711dcdc8916535dc0a058966fcfa4ac758dc36699ae469bd90bb.bin
Size

3.1MB
Sample

231106-1xfnpaff6z
MD5

67aa789ed858a78f6ca1f7cb6f6411d7
SHA1

f67e857fdbada5c1dd929dfb552dc39eb82acd07
SHA256

cf95fc04703d711dcdc8916535dc0a058966fcfa4ac758dc36699ae469bd90bb
SHA512

54844aa9ebc73fdfe5b1bad25604da23d6edab24225c53a2e6bee1f9122594bc24baf82d2c285e3745c8f79e0abd7d24bb79748c19cfecb881a3ff67974bf6e9
SSDEEP

98304:WBeghwapHRr2Kf9utMb+sph0qtJpoBMI5l+bKXWM4R1:WBeRaLZFutMbJe4Ytl+2N4R1

Score

10^/10

hydra android banker infostealer linux trojan

Malware Config

Extracted

Family

hydra

C2

http://aykomediki.net

Targets

- Target
  
  cf95fc04703d711dcdc8916535dc0a058966fcfa4ac758dc36699ae469bd90bb.bin
- Size
  
  3.1MB
- MD5
  
  67aa789ed858a78f6ca1f7cb6f6411d7
- SHA1
  
  f67e857fdbada5c1dd929dfb552dc39eb82acd07
- SHA256
  
  cf95fc04703d711dcdc8916535dc0a058966fcfa4ac758dc36699ae469bd90bb
- SHA512
  
  54844aa9ebc73fdfe5b1bad25604da23d6edab24225c53a2e6bee1f9122594bc24baf82d2c285e3745c8f79e0abd7d24bb79748c19cfecb881a3ff67974bf6e9
- SSDEEP
  
  98304:WBeghwapHRr2Kf9utMb+sph0qtJpoBMI5l+bKXWM4R1:WBeRaLZFutMbJe4Ytl+2N4R1
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3
- Target
  
  appboy-html-in-app-message-javascript-component.js
- Size
  
  4KB
- MD5
  
  2cacca17d8bee29690b3fed9a8053e27
- SHA1
  
  95a316d262434f6146367ebf0c8891dee2845c18
- SHA256
  
  5e33430b3d5bff988c5c3a80dc5ce0d7942c8d35df1a19e53f97571ca4e69f4d
- SHA512
  
  3a959856cd95c7e2b89c1c1ac741fc372a7ae8f886dcc2c3acc917c432a72835e82964c3c3d13a2fd6e3d304ba78e367526a13a067e0f36292520fa14b904e5e
- SSDEEP
  
  96:ClCF13kkhTmmDbm7o5q8rnC3pjG6qWo307IL/QW:uq13kkfPm7o5qJxZiOIL/QW
Score

1^/10
behavioral4 behavioral5
- Target
  
  aps-mraid.js
- Size
  
  10KB
- MD5
  
  7eb2e0ad4328a0c303ba8a0a77fbbcee
- SHA1
  
  fba9f141cd195378cbb266228b2c3abe6f1a2319
- SHA256
  
  5786e5ec3a9425ea2297eccf7b5629491a7c58bdd5877f5a0edadac073ed532d
- SHA512
  
  7cbebf9395e4ee3624c3ab84948d98a9b6592946221409681e3ade83f1f2831d0213ba20052f98e71230b9ef7e072e6b0b816534b777bfb512053100bbd0098c
- SSDEEP
  
  192:RiCYiIp5RsHMSP2io9SyKMnbCXnBtdyvgVHGlzjTSWiwvi/:RJ6VsHVP2io2MnUjyvgVkzP3i3
Score

1^/10
behavioral6 behavioral7
- Target
  
  dtb-m.js
- Size
  
  33KB
- MD5
  
  2958b7dce738e82e3f9edac9408f0218
- SHA1
  
  1a736dd5a5f87ebab2ba3bbc557a12487eef2df6
- SHA256
  
  d6e2d6da7fa58b8d53828b1dac654d57d656fe47fa9898c0aae84cbcf3b8fc61
- SHA512
  
  3c7612232f1f8ec8a51745fa3593bae9e8351849bee1de34ff341c33583c7e39a6313ea28260797a97c4c64cad781931f80965ea0fd1c05b772a1d6b00332d8c
- SSDEEP
  
  768:cM85TLOVEVU3SGgmAms+SBED+tSklU+EF:c1JO6VU3ZymWBUP
Score

1^/10
behavioral8 behavioral9
- Target
  
  happygame.js
- Size
  
  1KB
- MD5
  
  9bcbb11978a95acf2958fd9769d5e2e1
- SHA1
  
  bd62a9a7c79935214658feac5f7e1e78205f53e6
- SHA256
  
  1fd06dc741b7ed57d54702c39d9a42cdccc7bfadfd5b7c23dc1cfbfa66424d90
- SHA512
  
  80d6e70c026867e9a9690163524adab4d913a5d74472f191dd509ec4cc99a11e86e9823ea06b6e59e6851e06f09304a589f5ae7ab63a2c24525199316390f10b
Score

1^/10
behavioral10 behavioral11
- Target
  
  libByteAIDT.so
- Size
  
  21KB
- MD5
  
  34a713e1d5ff4fa8083359bc48c6005d
- SHA1
  
  7a8b5ec6fec434c8a01a5a3530f265d99087f753
- SHA256
  
  de37a3fb640d1f63d17735c8362ffc920a150d119c2e4b69b77d4f15f6a7a591
- SHA512
  
  f44de14ea7b01f215f397bb05eb5bd71d6a19e74abc5d2d968a0a3651bca13514be9bab8e4f0bbc357ae5cbdd96f14f8f236cba88af78bf44dd6fc3bfe42ad63
- SSDEEP
  
  384:SmQh19DlsT4BO8Sw4XVahRJq69twblo6cTuk2IA5N8i:PT4SwJhzZ9tu7cTuwA5NH
Score

1^/10
behavioral12 behavioral13 behavioral14 behavioral15
- Target
  
  libByteAINN.so
- Size
  
  37KB
- MD5
  
  c64c2643f4176af985bb58de71695b57
- SHA1
  
  d4fe1d9772730f8c5bd2c85cb4906dfed6c2eee4
- SHA256
  
  16da9ebf032e374cee62a0ed9ec43d0c3ee9b427b02303c7625a0c9a82bf0d29
- SHA512
  
  50db591de37c961ab09ac1e683962428c727c895c3f84d7d85e083962ee501fec2a3f126381825271da8898c8ed0a041991f86f2100a3712469bca0ad3aa4c1f
- SSDEEP
  
  768:xn0UY7jTxflotqS3nrfdevh4GS9cj8Hc8x+zpghG91I:l0UU/xflujnzdev2S8+zpghG91I
Score

1^/10
behavioral16 behavioral17 behavioral18 behavioral19
- Target
  
  libbuffer.so
- Size
  
  9KB
- MD5
  
  bd76635e93a3372bed08e27ea3c06414
- SHA1
  
  55fef8dde468e05dfbafed097a1fa6d52dca354c
- SHA256
  
  fe8f6e8e1550fc5384d9aa1418aaa4403380ac960c63d2bfca304b232545ed58
- SHA512
  
  1080fbf41fa2694e5b5494f0722b33bd6c95043ff89dd0ce80eb44c659199376d4bb1207ac1973a116449ec22ec61fa0a748850743139930135d6313c0a3aee6
- SSDEEP
  
  96:G39wMeXpaewWHZxKk6zszetcxg1AbsxRLgOVeqVedi+y8x9sj6lSrghsnUb/:s9neXJK2auO4qV0i+y8ximpCI
Score

1^/10
behavioral20 behavioral21 behavioral22 behavioral23
- Target
  
  libnative-filters.so
- Size
  
  25KB
- MD5
  
  b33de95a10b3b4d10bbad2a7b86c6d2e
- SHA1
  
  f4d306ef13fb527c8a9b46ac4431caabf2467aed
- SHA256
  
  3692f76af546c8adc605be96e3fb0d7d53f58f56ea2692fc5d779cc0d89730f5
- SHA512
  
  2110b5479d6cfd11b429276bc86d57370b620c96716465643e693191e47d9d3f27aa29e831de849133d48bd39a8a293019deb2e8b222ca0acf2564e4ec467490
- SSDEEP
  
  384:QX5UNodSgkMxCwEqP5EHSXTJ9bkYCVbqh7Q2MtUtC1yFRu0:QXXSgCwEqBEHaTJ9bkYCVk7NtCUu0
Score

1^/10
behavioral24 behavioral25 behavioral26 behavioral27
- Target
  
  libnpth_dl.so
- Size
  
  25KB
- MD5
  
  2eb075398ec339a8fe223422607a1486
- SHA1
  
  0c9d36b7ce43d8b1b64aae2818b01ff93c750f35
- SHA256
  
  dc202072c4c63026cc8db2ca9eafef5653d3200f10b042d966af895e6d55784f
- SHA512
  
  fb2530c5e6a7bd87e8d568b9dcfca223aecb442f3428047fce0f9f51812189e7967cbcba38f64ca6883f5903c546aa6e33598c881dae522ec40398e740be5f3d
- SSDEEP
  
  384:ggvtKrXk7/qkl77v5CCtmQhJUnyCyzlHamfwxe60Q9vygS86:gWtKrijl77v53mQhJU8l7fwxe60QFytl
Score

1^/10
behavioral28 behavioral29 behavioral30 behavioral31
- Target
  
  libttmverify.so
- Size
  
  9KB
- MD5
  
  4d52f325d5cb1bd3b4205515a8bdc486
- SHA1
  
  3050f92106d6bfdb5d3220cf996c982e52a79380
- SHA256
  
  c880e6b5c2f914c59d008fe7e67488a5a776d3648d75e7ac085df5bf95687dcf
- SHA512
  
  41b00f56bbc16f0a8db12c10012446f63f1d7336fdbe4d3c0c68fb3bec8b8ff209aada89d1b7c86fba4258718d517609b0f71c36e9dcf71bc1eb6f209eaad216
- SSDEEP
  
  96:R2wcLQZkRaHMuP8n1lisuO9gqIqSH6MZDJhQBRgTo4Lj:jcLQHMuP8n+OOBwaVhjb
Score

1^/10
behavioral32

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hydrabankerinfostealertrojan

behavioral2

hydrabankerinfostealertrojan

behavioral3

hydrabankerinfostealertrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32